Network Time Protocol (NTP) is one of the most crucial, yet easiest, services to configure and manage with Puppet, to properly synchronize time across all your nodes. Follow this guide to get started managing a NTP service using the Puppetntp module.

The clocks on your servers are not inherently accurate. They need to synchronize with something to let them know what the right time is. NTP is a protocol that synchronizes the clocks of computers over a network. NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to within a millisecond.

Your entire datacenter, from the network to the applications, depends on accurate time for security services, certificate validation, and file sharing across Puppet agents. If the time is wrong, your Puppet master might mistakenly issue agent certificates from the distant past or future, which other agents treat as expired.

Using the Puppet NTP module, you can:

Ensure time is correctly synced across all the servers in your infrastructure.

Ensure time is correctly synced across your configuration management tools.

Roll out updates quickly if you need to change or specify your own internal NTP server pool.

This guide walks you through the following steps in setting up NTP configuration management:

Installing the puppetlabs-ntp module.

Adding classes to the default node in your main manifest.

Viewing the status of your NTP service.

Using multiple nodes in the main manifest to configure NTP for different permissions.

Note: You can add the NTP service to as many agents as needed. For simplicity, this guide describes adding it to only one.

The first step is installing the puppetlabs-ntp module. The puppetlabs-ntp module is part of the supported modules program; these modules are supported, tested, and maintained by Puppet. For more information on puppetlabs-ntp, see the README. To install it, run:

The next step is adding classes from the NTP module to the main manifest.

The NTP module contains several classes. Classes are named chunks of Puppet code and are the primary means by which Puppet configures nodes. The NTP module contains the following classes:

ntp: the main class, which includes all other NTP classes, including the classes in this list.

ntp::install: handles the installation packages.

ntp::config: handles the configuration file.

ntp::service: handles the service.

You’re going to add the ntp class to the default node in your main manifest. Depending on your needs or infrastructure, you might have a different group that you’ll assign NTP to, but you would take similar steps.

From the command line on the master, navigate to the directory that contains the main manifest:

If you want to configure the NTP service to run differently on different nodes, you can set up NTP on nodes other than default in the site.pp file.

In previous steps, you’ve been configuring the default node.

In the example below, two NTP servers (kermit and grover) are configured to talk to outside time servers. The other NTP servers (snuffie, bigbird, and hooper) use those two primary servers to sync their time.

One of the primary ntp servers, kermit, is very cautiously configured — it can’t afford outages, so it’s not allowed to automatically update its NTP server package without testing. The other servers are more permissively configured.